CWE-307
Improper Restriction of Excessive Authentication Attempts
Parent: CWE-1390 - Weak Authentication
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.
561 vulnerabilities with CWE-307
CVE-2025-7882
LOW
Mercusys MW301R 1.0.2 Build 190726 Rel.59423n - Auth Bypass
CVSS 3.1
CVE-2025-27456
HIGH
SMB Server - DoS
CVSS 7.5
CVE-2025-27449
HIGH
MEAC300-FNADE4 - DoS
CVSS 7.5
CVE-2025-1710
HIGH
Endress Meac300-fnade4 Firmware < 0.16.0 - Brute Force
CVSS 7.5
CVE-2025-52997
MEDIUM
File Browser <2.34.1 - Info Disclosure
CVSS 5.9
CVE-2025-4383
CRITICAL
Wi-Fi Cloud Hotspot <30.05.2025 - Auth Bypass
CVSS 9.3
CVE-2025-6533
MEDIUM
xxyopen/201206030 novel-plus <5.1.3 - Auth Bypass
CVSS 5.6
CVE-2025-2171
HIGH
Aviatrix Controller <7.1.4208-8.0.0 - DoS
CVE-2025-52916
LOW
Yealink RPS <2025-06-04 - Info Disclosure
CVSS 2.2
CVE-2025-47951
MEDIUM
Weblate < 5.12 - Brute Force
CVSS 4.9
CVE-2025-6030
CRITICAL
Cyclone Matrix TRF Smart - Replay Attack
CVE-2025-6029
CRITICAL
KIA-branded Aftermarket Generic Smart - Replay Attack
CVE-2025-43863
CRITICAL
Vantage6 < 4.11.0 - Brute Force
CVSS 9.8
CVE-2025-49195
MEDIUM
Sick Media Server - Brute Force
CVSS 5.3
CVE-2025-49186
MEDIUM
Avaya Media Server - Brute Force
CVSS 5.3
CVE-2025-5864
LOW
Tenda TDSEE App <1.7.12 - Auth Bypass
CVSS 3.7
CVE-2025-48014
HIGH
Product <Version - Privilege Escalation
CVSS 7.5
CVE-2025-48187
CRITICAL
Infiniflow Ragflow < 0.18.1 - Brute Force
CVSS 9.1
CVE-2025-46739
HIGH
Unspecified - Info Disclosure
CVSS 8.1
CVE-2025-20196
MEDIUM
Cisco IOx - DoS
CVSS 5.3
CVE-2025-3709
CRITICAL
Agentflow - Auth Bypass
CVSS 9.8
CVE-2025-42600
HIGH
Meon KYC - Auth Bypass
CVE-2025-3556
LOW
ScriptAndTools eCommerce-website-in-PHP 3.0 - Auth Bypass
CVSS 3.7
CVE-2025-3555
LOW
ScriptAndTools eCommerce-website-in-PHP 3.0 - Auth Bypass
CVSS 3.7
CVE-2025-3129
MEDIUM
Access Code < 2.0.4 - Brute Force
CVSS 4.8